Among the information posted online were email addresses and passwords that hadn’t been securely encrypted, meaning that hackers could actually see plain text details. Obtaining an encrypted password won’t do an attacker much good, but actually obtaining email addresses and passwords not only compromises the identity of users, but also opens them to further attacks.
Adding insult to injury, a lot of deleted accounts — potentially up to 15 million — still had their information stored on the servers. So even people who had deleted their Friend Finder accounts may have been compromised. Some outlets are reporting that 20 years of data was released.
There may also be others that we’re not aware of yet. If you have an account on any of these sites, or if you’ve ever had an account, it’s best to assume that your information has been compromised. Unless you’ve been in the habit of using unique, strong passwords for a long time, you should change all of your other account passwords. Now.
The AdultFriendFinder breach isn’t yet searchable on HaveIBeenPwned, and Leaked Source hasn’t posted a link [Broken URL Removed] to the database on their main page. So there’s no way to know for sure at the time of this writing if your information has been made public. It’s best to assume that it has.
This hack could have serious repercussions. Sites like AdultFriendFinder and its affiliates collect important information that could be used by identity thieves. Your name, email and physical addresses, and phone number are all crucial to identity theft. If you notice any suspicious financial activity after a breach like this, contact the relevant institutions immediately.
The fact that these particular sites are adult-oriented means that this information could potentially be used for blackmail as well. If your hookups, one-night stands, and sexual preferences were to be made public, what would you do or pay to prevent it? It’s a sobering thought. Whether or not you want to bring up the fact that your name might be on one of these lists with someone close to you is a tough decision, too.
There’s always the risk of simple mayhem, as well. Plenty of hackers are out just to cause problems for other people. This could mean deleting your other accounts, taking over your social media feeds, sending spam or malware to the people in your email contact list, and many other things that aren’t inherently as bad as identity theft or blackmail, but are still really annoying.
Obviously we all hope there’s no next time. But based on what we’ve seen over the past couple years, it seems like there’s a good chance. So here’s what needs to happen.
Whether you had an account at one of these sites or not, this concerns you. The companies storing our data need to know that security matters. A lot. We need to start expecting companies to not only protect our data, but to explain to us in clear terms how they’re going to do that.
Sign petitions, fill out feedback forms, choose where you bring your business. These are the sorts of things that will show organizations that security is important.
Sure, encrypted messaging will keep people from eavesdropping. Encrypted email makes it nearly impossible for the NSA to read. But when you entrust your data to someone else, there’s a possibility that someday it will be made public.